MalwareTech arrested for Kronos banking Trojan connection

The FBI arrested the famed security researcher known as MalwareTech after a two-year investigation into the creation and distribution of the Kronos banking Trojan.

The FBI detained and arrested a security researcher who allegedly created the Kronos banking Trojan.

Marcus Hutchins, also known as MalwareTech, was arrested in Las Vegas following the DefCon 2017 conference after what the FBI said was a two-year investigation. Hutchins, a U.K. citizen, gained notoriety during the WannaCry ransomware outbreak when he and fellow security researcher Matt Suiche found hardcoded command-and-control servers in the WannaCry code. The two researchers registered the C&C domains and effectively broke the ransomware.

However, the U.S. Department of Justice alleges that Hutchins, who also works for cybersecurity vendor Kryptos Logic, was one of two people behind the Kronos banking Trojan.

"Hutchins was charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization," Gregory Haanstad, U.S. attorney for the eastern district of Wisconsin, wrote in a statement. "The alleged conduct for which Hutchins was arrested occurred between in or around July 2014 and July 2015."

According to the indictment obtained by CNN Tech, the FBI claims that Hutchins created the Kronos banking Trojan; that a co-defendant (name redacted) released a video demonstration of the malware on July 13, 2014; that Hutchins and the co-defendant updated the Kronos banking Trojan in February 2015; and that the co-defendant then posted and sold the Trojan on the AlphaBay darknet marketplace in mid-2015.

AlphaBay was seized and shut down by the FBI and DEA in early July, and European law enforcement used that closure to lure users to the Hansa darknet market, which was also shut down last month.

However, because Hutchins tweeted on July 13, 2014, asking for a malware sample of the banking Trojan, Jake Williams, founder of consulting firm Rendition InfoSec LLC in Augusta, Ga., said on Twitter that "it doesn't add up that he wrote it in 2014 and asked for a sample of it in the same time frame."

The news of Hutchins' arrest was first reported by Motherboard, which wrote that Hutchins was initially detained at the Henderson Detention Center in Nevada.

Andrew Mabbitt, a friend of Hutchins and founder of Fidus Information Security, said on Twitter that he initially didn't know where Hutchins had been taken, but ultimately found him at the FBI's field office in Las Vegas. Mabbitt also said the Electronic Frontier Foundation has arranged legal representation for Hutchins.
